Field | Value |
---|---|
Created | 2021.11.30 11:51 |
Machine | s1_win7_x6401 |
Filename | Ego2.exe |
Type | PE32 executable (GUI) Intel 80386, for MS Windows |
AI Score | |
Behavior Score | |
ZERO API | file : malware |
VT API (file) | 56 detected (AIDetect, malware2, malicious, high confidence, DownLoader13, FDDH, Unsafe, Save, ZevbaF, km0@amOi, Eldorado, Attribute, HighConfidence, BZAS, R002C0PKT21, score, uyjy, Symmi, dyksvy, Wpst, Outbreak, axkc, ASMalwS, kcloud, R273914, TScope, ai score=88, GenAsa, bUFpJPpMDL4, Static AI, Malicious PE, 100%, Genetic, confidence, susgen) |
md5 | d5438415ed71322922b70ac85ad02f64 |
sha256 | 3d7e2744ac50ae3ff7fcdbf97b4f70af8236ade6c3d2e82004f0641be304f83b |
ssdeep | 3072:pNWDBrYmzGMDs6xZl/LkZ9sfNyvBOaH+DMsU0BrvUyhXi148ilkK:pIBrzzDo6xZlDkZ4I5YLJsyhXi1A3 |
imphash | a5db5a466a58a88fc36a0259818100cd |
impfuzzy | 6:HHTbQcrnPpWUkBBMdyq8rT/VC1nq4NDKTQWMNdlJUT:nT9Z9doTY1n9dKiTlaT |
Signature (7cnts)
Level | Description |
---|---|
danger | File has been identified by 56 AntiVirus engines on VirusTotal as malicious |
danger | Disables Windows Security features |
watch | Modifies security center warnings |
notice | Allocates read-write-execute memory (usually to unpack itself) |
notice | Changes read-write memory protection to read-execute (probably to avoid detection when setting all RWX flags at the same time) |
notice | The binary likely contains encrypted or compressed data indicative of a packer |
info | One or more processes crashed |
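The two registry-related signatures above ("Disables Windows Security features", "Modifies security center warnings") are the kind a behaviour sandbox raises from RegSetValue calls. The following is an added example, not the sandbox's own rule logic and not taken from this sample's behaviour log (the report does not list which keys Ego2.exe wrote). It maps a constructed, pipe-separated API log onto those two signatures. The watched key and value names are the documented Security Center and Windows Defender policy locations; which of them the real signatures cover is an assumption, and the event lines and their layout are constructed for the demo.

```python
"""Map registry writes onto the report's "Modifies security center warnings"
and "Disables Windows Security features" signatures.

Added example, not the sandbox's own rule logic and not derived from this
sample's behaviour log. The watched key/value names are the documented
Security Center and Defender policy locations (assumed to be what the two
signatures catch); the event lines and their layout are CONSTRUCTED.
"""
import re

# (key regex, value names, level, signature text)
WATCHLIST = [
    (r"HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center(\\Svc)?",
     {"AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify",
      "AntiVirusOverride", "FirewallOverride"},
     "watch", "Modifies security center warnings"),
    (r"HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender(\\Real-Time Protection)?",
     {"DisableAntiSpyware", "DisableRealtimeMonitoring", "DisableBehaviorMonitoring"},
     "danger", "Disables Windows Security features"),
    (r"HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters"
     r"\\FirewallPolicy\\(Standard|Domain|Public)Profile",
     {"EnableFirewall"},
     "danger", "Disables Windows Security features"),
]

# Constructed log layout: pid|api|key|value name|data
EVENT_RE = re.compile(
    r"^(?P<pid>\d+)\|(?P<api>RegSetValue\w*)\|(?P<key>[^|]+)\|(?P<name>[^|]*)\|(?P<data>.*)$")


def classify_event(line: str):
    """Return a hit dict for a watched registry write, else None."""
    m = EVENT_RE.match(line)
    if not m:
        return None                      # not a RegSetValue* call (queries are ignored)
    for key_re, names, level, sig in WATCHLIST:
        if re.fullmatch(key_re, m["key"], re.IGNORECASE) and m["name"] in names:
            return {"level": level, "signature": sig, "key": m["key"],
                    "value": m["name"], "data": m["data"]}
    return None


def scan(lines) -> dict:
    """Aggregate hits into the signature/level pairs a report would show."""
    hits = [h for h in map(classify_event, lines) if h]
    signatures = {}
    for h in hits:
        signatures.setdefault(h["signature"], h["level"])
    return {"hits": hits, "signatures": signatures}


SAMPLE_LOG = [   # CONSTRUCTED events, not from the real run
    "1337|RegSetValueExW|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Svc|AntiVirusDisableNotify|1",
    "1337|RegSetValueExW|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Svc|FirewallDisableNotify|1",
    "1337|RegSetValueExW|HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender|DisableAntiSpyware|1",
    "1337|RegSetValueExW|HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run|Updater|C:\\Users\\user\\Updater.exe",
    "1337|RegQueryValueExW|HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Svc|AntiVirusDisableNotify|",
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG)["hits"]:
        print(hit["level"], hit["signature"], hit["key"], hit["value"], hit["data"])
```

Only writes count: the RegQueryValueExW line is dropped by the API filter, and the Run-key write is outside the watchlist, so the three Security Center / Defender writes yield exactly the two signature levels shown in the table above.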
Rules (4cnts)
Level | Name | Description | Collection |
---|---|---|---|
watch | UPX_Zero | UPX packed file | binaries (upload) |
info | IsPE32 | (no description) | binaries (upload) |
info | Microsoft_Office_File_Zero | Microsoft Office File | binaries (download) |
info | PE_Header_Zero | PE File Signature | binaries (upload) |
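The three notice-level signatures (RWX allocation, RW to RX protection change, data that looks encrypted or compressed) together with the UPX_Zero rule are the standard static packer heuristics. The following added example, which is not part of the sandbox report and not code from the sample, shows how those heuristics are computed from a PE32 section table: UPX section names, sections that are both writable and executable, an empty-on-disk section that is RWX in memory (the unpack target), and per-section Shannon entropy. It needs no third-party library. The PE images it checks are constructed in the block (headers plus section data, not loadable) and the 7.0 bits/byte threshold is an assumption.

```python
"""Static packer triage for a PE32 file: section names, RWX flags, entropy.

Added example: not part of the sandbox report and not code from the sample.
It reads only e_lfanew, the COFF header and the section table. The PE images
below are CONSTRUCTED for the demo (not loadable), and the entropy threshold
is an assumption (native x86 code usually sits well below 7 bits/byte).
"""
import hashlib
import math
import struct

UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
ENTROPY_PACKED_THRESHOLD = 7.0   # assumption, bits per byte


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty input, up to 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(pe: bytes) -> list:
    """Walk IMAGE_DOS_HEADER.e_lfanew -> PE signature -> COFF -> section headers."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    table = coff + 20 + opt_size                  # first IMAGE_SECTION_HEADER
    sections = []
    for i in range(num_sections):
        name, vsize, _va, raw_size, raw_ptr, _, _, _, _, chars = struct.unpack_from(
            "<8sIIIIIIHHI", pe, table + 40 * i)
        sections.append({"name": name.rstrip(b"\0"), "virtual_size": vsize,
                         "raw_size": raw_size, "characteristics": chars,
                         "entropy": shannon_entropy(pe[raw_ptr:raw_ptr + raw_size])})
    return sections


def packer_triage(pe: bytes) -> dict:
    """Apply the report's packer heuristics (UPX names, RWX, high entropy)."""
    findings = []
    for s in parse_sections(pe):
        name = s["name"].decode("ascii", "replace")
        rwx = bool(s["characteristics"] & IMAGE_SCN_MEM_WRITE) and bool(
            s["characteristics"] & IMAGE_SCN_MEM_EXECUTE)
        if s["name"] in UPX_SECTION_NAMES:
            findings.append(f"{name}: UPX section name")
        if rwx:
            findings.append(f"{name}: writable and executable section")
        if s["raw_size"] and s["entropy"] >= ENTROPY_PACKED_THRESHOLD:
            findings.append(f"{name}: high entropy {s['entropy']:.2f} bits/byte")
        if s["raw_size"] == 0 and s["virtual_size"] and rwx:
            findings.append(f"{name}: empty on disk but RWX in memory (unpack target)")
    return {"findings": findings, "likely_packed": len(findings) >= 2}


def _align(n: int, a: int) -> int:
    return (n + a - 1) // a * a


def build_demo_pe(spec: list) -> bytes:
    """CONSTRUCTED PE32 header + section data; spec = [(name, data, chars, vsize)]."""
    file_align, opt_size = 0x200, 0xE0
    hdr_end = _align(0x40 + 4 + 20 + opt_size + 40 * len(spec), file_align)
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)       # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, len(spec), 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)         # PE32 magic
    headers, body, raw_ptr, va = b"", b"", hdr_end, 0x1000
    for name, data, chars, vsize in spec:
        raw_size = _align(len(data), file_align)
        headers += struct.pack("<8sIIIIIIHHI", name.ljust(8, b"\0"), vsize, va, raw_size,
                               raw_ptr if raw_size else 0, 0, 0, 0, 0, chars)
        body += data.ljust(raw_size, b"\0")
        raw_ptr += raw_size
        va += _align(vsize, 0x1000)
    image = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + headers
    return image.ljust(hdr_end, b"\0") + body


# Constructed section contents: repetitive code-like bytes vs. hash-derived bytes.
PLAIN_CODE = b"\x55\x8b\xec\x83\xec\x10\x90\xc3" * 512          # 4096 bytes, entropy 2.75
COMPRESSED = b"".join(hashlib.sha256(i.to_bytes(4, "little")).digest() for i in range(128))

UPX_SAMPLE = build_demo_pe([
    (b"UPX0", b"", 0xE0000080, 0x10000),              # uninitialised, RWX: unpack target
    (b"UPX1", COMPRESSED, 0xE0000040, 0x1000),        # packed payload, RWX
    (b".rsrc", PLAIN_CODE[:512], 0xC0000040, 0x200),  # read + write resources
])
CLEAN_SAMPLE = build_demo_pe([
    (b".text", PLAIN_CODE, 0x60000020, 0x1000),       # code, read + execute only
    (b".data", PLAIN_CODE[:512], 0xC0000040, 0x200),  # read + write data
])
```

Run `packer_triage(open(path, "rb").read())` on a real file; on the UPX-like image it reports the UPX names, both RWX sections, the empty-on-disk UPX0 and the high-entropy UPX1, while the clean image produces no findings. Entropy on its own is not a verdict (resources such as images or embedded certificates are also high-entropy), which is why the verdict here needs at least two independent findings.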
Network (0cnts)
Request | CC | ASN Co | IP4 | Rule | ZERO |
---|---|---|---|---|---|
(no network requests recorded)
Suricata ids: none listed
PE API
IAT (Import Address Table)
Library: MSVBVM60.DLL (the Visual Basic 6 runtime). Entries shown as None are imported by ordinal, so the import table carries no name for them.
0x401000 MethCallEngine
0x401004 None
0x401008 None
0x40100c None
0x401010 EVENT_SINK_AddRef
0x401014 None
0x401018 DllFunctionCall
0x40101c EVENT_SINK_Release
0x401020 EVENT_SINK_QueryInterface
0x401024 __vbaExceptHandler
0x401028 None
0x40102c None
0x401030 ProcCallEngine
0x401034 None
0x401038 None
0x40103c None
0x401040 None
EAT(Export Address Table) is none